Change the FQDN of the RPort server

Learn how to use your own name instead of the random *.user.rport.io hostname

Create your DNS record

If you want to change the FQDN of a RPort server installed via the cloud-installer the first step is to create a DNS A Record that points to the IP address of your virtual machine.
🧨 Do not use a CNAME record pointing to the *.users.rport.io FQDN. Always use an A-record.
The free DNS service of RPort will delete unused hostnames automatically, and your CNAME-record would become orphaned.
We will use rport-server.example.com as an example for the new hostname of your RPort server.
Login to the console of your rport-server using SSH and verify the new DNS record has been set up properly. Execute the following two commands. Both must print the same IP address – the IP address of your RPort server.
# Query the DNS
$ dig +short rport-server.example.com
# Fetch your external IP address
$ wget -qO - 'https://api.ipify.org?format=text'

Generate new SSL certificates

If you already have certificates for the new FQDN, you can skip this step.
Stop the RPort server first. To generate new free certificates via Let's Encrypt, execute the following commands.
systemctl stop rportd
# Generate
certbot certonly -d $FQDN -n \
--agree-tos --standalone \
# Change group ownerships so rport can read the files
chgrp rport /etc/letsencrypt/archive/
chmod g+rx /etc/letsencrypt/archive/
chgrp rport /etc/letsencrypt/live/
chmod g+rx /etc/letsencrypt/live/
chgrp rport /etc/letsencrypt/archive/$FQDN/
chmod g+rx /etc/letsencrypt/archive/$FQDN/
chgrp rport /etc/letsencrypt/archive/$FQDN/privkey1.pem
chmod g+rx /etc/letsencrypt/archive/$FQDN/privkey1.pem
chgrp rport /etc/letsencrypt/live/$FQDN/
ls -l /etc/letsencrypt/live/$FQDN/

Change the rportd configuration

Change the ssl key and cert

With the new certificates generated, or with your own certificates, open the configuration file /etc/rport/rportd.conf with an editor. Scroll down to the lines where certificates are configured. Certificates are registered twice. In the [server] and [api] section. Change it as shown.
Before (with random *users.rport.io FQDN)
# in the [server] section
tunnel_proxy_cert_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/fullchain.pem"
tunnel_proxy_key_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/privkey.pem"
# in the [api] section
cert_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/fullchain.pem"
key_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/privkey.pem"
After (example with your FQDN)
# in the [server] section
tunnel_proxy_cert_file = "/etc/letsencrypt/live/rport-server.example.com/fullchain.pem"
tunnel_proxy_key_file = "/etc/letsencrypt/live/rport-server.example.com/privkey.pem"
# in the [api] section
cert_file = "/etc/letsencrypt/live/rport-server.example.com/fullchain.pem"
key_file = "/etc/letsencrypt/live/rport-server.example.com/privkey.pem"
Change the path to the new certificates.

Change the client connect url

The rportd.conf file contains a setting url =, that indicates clients who is their server. You must change this setting to the new hostname. If the client url contains a hostname, you must change it. If it contains an IP address, no changes are needed.
Before (with random *users.rport.io FQDN)
url = "http://dtdu7j7pvaxv.users.rport.io:80"
After (example with your FQDN)
url = "rport-server.example.com"
If you client url consist of a hostname you must change this hostname on all clients too in the rport.conf client configuration file.

Change the server URL for sending two-factor tokens via email

If your RPort server is using the default script to send two-factor tokens via email, you must enter the new URL of your server in /usr/local/bin/2fa-sender.sh too.
Open the script with an editor and enter the URL of your RPort server.
-F url=https://*.users.rport.io 2>&1)
After (example with your FQDN):
-F url=https://rport-server.example.com 2>&1)
Wildcards are not supported for custom domain names.

Start RPortd

Finally, start the rport server again with systemctl start rportd. Type in the new https://<NEW_FQDN> into your browser and check. 🎉
Don't be frightened if clienst appear disconnected. Because the rport server has beend stopped for a while it takes some time to reconnect. But trust, they will all reconnect.